On Sep 11, 2025, at 1:44 AM, Can Paçacı <pacaci@servisnet.com.tr> wrote:
Sorry I couldn't explain clearly. I listed the things I wanted to do during the checks on the auth access package as follows:
In the Received Access-Request, -In the normal conditions check User-Name, User-Password and NAS-Identifier and write the appropriate Reply-Message to the return package. -In cases where NAS-Identifier is not defined in the radcheck table only check the User-Name and User-Password and write the appropriate Reply-Message to the return package.
But the server does that already. If you list a User-Name, User-Password, and NAS-Identifier in radcheck, they will all be used. If you only list a User-Name and User-Password in radcheck, it will only use / check those. Perhaps you're looking to catch the situation where a user has a correct name / password, but is using the wrong NAS. For that situation, you don't need to do anything. Just list the right NAS-Identifier in radcheck. Then, if the user logs into a different NAS, it won't match. Since that entry didn't match, the User-Password won't be added. And the user will be rejected. Alan DeKok.